RE: Security and Development Best Practice Guidelines for .NET Framework

[Mark Curphey <mark () curphey com>]

I am assuming you have seen what I think is one of the best guides to building secure web apps out there?

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ThreatCounter.asp

If you haven't take a look. Its .NET focused but there is a lot of very good big picture stuff such as threat modeling 
and design that relevant to any technology.

Cheers

Mark


---- Curt Purdy <purdy () tecman com> wrote:
> > I am aware of the different guidelines that have been issued
> > by Microsoft
> > and @stake has performed an independent evaluation of the
> > .NET Framework
>
> I don't know how you can call the @stake evaluation "indedpendent" when they
> have been bought and paid for by Microsoft to the point that they fire their
> CTO after he wrote a truly independent paper, "Cyberinsecurity: The Cost of
> Monopoly".
>
> Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
> Information Security Engineer
> DP Solutions
>
> ----------------------------------------
>
> If you spend more on coffee than on IT security, you will be hacked.
> What's more, you deserve to be hacked.
> -- White House cybersecurity adviser Richard Clarke